To sync with LDAP/MSAD you need to configure some parameters according to the vendor you are using. Currently only MSAD is supported out of the box; other vendors can be accommodated with a custom profile. See also How to Install the CloudGen Access User Directory Connector.
MSAD
Example configuration parameters (config.json file) for an MSAD installation. Keys and values are JSON strings, so they are quoted and separated by colons:

    {
      "enrollment_token": "https://enterprise.fyde......",
      "ldap_host": "192.168.1.169",
      "ldap_profile": "ad",
      "ldap_user_search_base": "ou=Users,ou=MyOrg,dc=myorg,dc=com",
      "ldap_group_search_base": "ou=Groups,ou=MyOrg,dc=myorg,dc=com",
      "ldap_auth_method": "simple",
      "ldap_auth_username": "User Name",
      "ldap_auth_password": "password"
    }
Configuration Parameters
The LDAP-specific parameters are listed in the tables below. See also General parameters. Note that when you set a parameter through an environment variable you need to prefix the key with "FYDE_" and capitalize the rest (for example, ldap_host becomes FYDE_LDAP_HOST); the plain key is used in a configuration file or on a Vx.
Basic Connection And Auth
Key | Default Value | Type | Description
--- | --- | --- | ---
ldap_host | | string | LDAP server hostname/IP to connect to
ldap_port | 389, or 636 with TLS | string | LDAP server port to connect to
ldap_auth_method | | string | Authentication method. The example configuration above uses simple; a SASL method takes its credentials from ldap_auth_sasl_credentials
ldap_auth_username | | string | Username used to authenticate to the LDAP server
ldap_auth_password | | string | Password used to authenticate to the LDAP server
ldap_auth_sasl_credentials | | string | SASL credentials for the SASL auth method
ldap_use_starttls | true | bool | Use StartTLS for LDAP
ldap_use_tls | false | bool | Connect to LDAP using TLS
ldap_sni | false | string | SNI hostname to send when using TLS
ldap_privkey | | string | Private key for TLS client authentication
ldap_privkey_password | | string | Password of the private key used for TLS client authentication
ldap_pubkey | | string | Public key for TLS client authentication
ldap_cacerts | | string | CA certificates to trust
ldap_check_certs | true | bool | Verify that the server certificate is trusted
ldap_check_hostname | true | bool | Verify that the hostname matches the server certificate
ldap_cert_additional_names | | string | Additional hostnames accepted on the server certificate
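The script below is an added example and is not part of this page or of the connector's own code. It applies the FYDE_ naming rule from the note above to map environment variables onto the keys of this table, merges them with a constructed config.json, and reports the settings from this table that weaken the connection (cleartext transport, certificate or hostname checking switched off, a simple bind with no password). The sample host, account and environment values are constructed, and the rule that an environment variable overrides the file is an assumption of the example; the page does not state the precedence.

```python
import json
from typing import Any, Dict, List

# Keys from the "Basic Connection And Auth" table on this page.
CONNECTION_KEYS = (
    "ldap_host", "ldap_port", "ldap_auth_method", "ldap_auth_username",
    "ldap_auth_password", "ldap_auth_sasl_credentials", "ldap_use_starttls",
    "ldap_use_tls", "ldap_sni", "ldap_privkey", "ldap_privkey_password",
    "ldap_pubkey", "ldap_cacerts", "ldap_check_certs", "ldap_check_hostname",
    "ldap_cert_additional_names",
)

# Boolean defaults as listed in the table.
BOOL_DEFAULTS = {
    "ldap_use_starttls": True,
    "ldap_use_tls": False,
    "ldap_check_certs": True,
    "ldap_check_hostname": True,
}

# Constructed sample config.json: StartTLS turned off and certificate checking
# disabled, which is the combination the audit below is meant to catch.
SAMPLE_WEAK_CONFIG = """{
  "ldap_host": "ldap.example.internal",
  "ldap_auth_method": "simple",
  "ldap_auth_username": "svc-directory-sync",
  "ldap_auth_password": "placeholder-password",
  "ldap_use_starttls": false,
  "ldap_check_certs": false
}"""

# Constructed environment that corrects two of those keys; the variable names
# follow the FYDE_ prefix rule stated on this page.
SAMPLE_ENV = {"FYDE_LDAP_USE_TLS": "true", "FYDE_LDAP_CHECK_CERTS": "true"}


def env_key(key: str) -> str:
    """Config-file key -> environment-variable name: FYDE_ prefix, rest upper-cased."""
    return "FYDE_" + key.upper()


def parse_bool(value: Any) -> bool:
    """Environment values arrive as strings; accept the usual spellings of true."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("1", "true", "yes", "on")


def load_config(json_text: str, environ: Dict[str, str]) -> Dict[str, Any]:
    """Merge table defaults, config.json and FYDE_* environment variables.
    Assumption: an environment variable takes precedence over the file."""
    cfg: Dict[str, Any] = dict(BOOL_DEFAULTS)
    cfg.update(json.loads(json_text))
    for key in CONNECTION_KEYS:
        if env_key(key) in environ:
            cfg[key] = environ[env_key(key)]
    for key in BOOL_DEFAULTS:
        cfg[key] = parse_bool(cfg[key])
    if "ldap_port" not in cfg:  # table: 389, or 636 when TLS is used
        cfg["ldap_port"] = 636 if cfg["ldap_use_tls"] else 389
    return cfg


def audit(cfg: Dict[str, Any]) -> List[str]:
    """Return the transport-security findings for a merged configuration."""
    findings: List[str] = []
    if not cfg.get("ldap_host"):
        findings.append("ldap_host is not set")
    if not cfg["ldap_use_tls"] and not cfg["ldap_use_starttls"]:
        findings.append("cleartext transport: neither ldap_use_tls nor "
                        "ldap_use_starttls is enabled, so the bind credentials "
                        "travel unencrypted")
    if not cfg["ldap_check_certs"]:
        findings.append("ldap_check_certs=false: the server certificate is not "
                        "validated against the trusted CAs")
    if not cfg["ldap_check_hostname"]:
        findings.append("ldap_check_hostname=false: the certificate hostname is "
                        "not checked")
    if cfg.get("ldap_auth_method") == "simple" and not cfg.get("ldap_auth_password"):
        findings.append("simple auth without ldap_auth_password: an empty "
                        "password makes the bind unauthenticated")
    return findings


if __name__ == "__main__":
    for env in ({}, SAMPLE_ENV):
        merged = load_config(SAMPLE_WEAK_CONFIG, env)
        print(f"port={merged['ldap_port']} findings={audit(merged) or 'none'}")
```

Run without the environment, the weak file yields two findings and port 389; with the two FYDE_ variables applied, the merged configuration has TLS on, certificate checking on, port 636, and no findings.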
More Advanced Options
Key | Default Value | Type | Description
--- | --- | --- | ---
ldap_debug_detail_level | error | string | LDAP debugging detail level
ldap_profile | ad | string | Enables vendor-specific configurations; ad is the MSAD profile, and other vendors can be accommodated with a custom profile
ldap_connect_timeout | 10 | string | Connection timeout for the LDAP server (in seconds)
ldap_receive_timeout | 60 | string | Receive timeout
ldap_ignore_malformed_schema | false | bool | Ignore errors caused by malformed schemas
ldap_user_search_base | | string | Search base (DN) under which user objects are looked up
ldap_user_class_filter | | string | Search filter used to find user objects
ldap_user_search_scope | subtree | string | Search scope used to find user objects
ldap_user_uuid | | string | Attribute holding the user UUID
ldap_user_name | | string | Attribute to get the user name from
ldap_user_phone | | string | Attribute to get the user phone from
ldap_user_email | | string | Attribute to get the user email from
ldap_user_disabled_filter | | string | Attribute to get the user disabled state from
ldap_user_modified | | string | Attribute used to check a user's last modification
ldap_user_deleted_filter | | string | Search filter to find deleted users
ldap_user_deleted_controls | | string | Control OID used when searching for deleted users
ldap_group_search_base | | string | Search base (DN) under which group objects are looked up
ldap_group_class_filter | | string | Search filter used to find group objects
ldap_group_search_scope | subtree | string | Search scope used to find group objects
ldap_group_uuid | | string | Attribute holding the group UUID
ldap_group_name | | string | Attribute to get the group name from
ldap_group_modified | | string | Attribute used to check a group's last modification
ldap_group_deleted_filter | | string | Search filter to find deleted groups
ldap_group_deleted_controls | | string | Control OID used when searching for deleted groups
ldap_membership_object | group | string | Object type whose entries carry the membership attribute (see ldap_membership_attribute)
ldap_membership_attribute | | string | LDAP membership attribute
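The following Python is an added example and is not the connector's own code: it shows how the ldap_user_* and ldap_group_* parameters in this table fit together into an LDAP search (base DN, scope, filter, attribute list) and why any value that is looked up by name must be escaped before it is placed in a filter. The sample configuration is constructed; its search bases mirror the example configuration at the top of this page and its attribute names are standard Active Directory attributes. The set of accepted scope strings and the way the connector actually combines its filters are not on this page and are assumptions of the example.

```python
import re
from typing import Any, Dict, Optional

# Standard LDAP search scopes (RFC 4511). The exact option strings the
# connector accepts are not preserved on this page, so this set is an assumption.
SCOPES = {"base", "onelevel", "subtree"}

# Loose DN shape check: attr=value components separated by commas.
DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)*$")

# Constructed sample configuration for an MSAD directory.
SAMPLE_CONFIG: Dict[str, Any] = {
    "ldap_user_search_base": "ou=Users,ou=MyOrg,dc=myorg,dc=com",
    "ldap_user_class_filter": "(objectClass=user)",
    "ldap_user_search_scope": "subtree",
    "ldap_user_uuid": "objectGUID",
    "ldap_user_name": "sAMAccountName",
    "ldap_user_email": "mail",
    "ldap_user_modified": "whenChanged",
    "ldap_group_search_base": "ou=Groups,ou=MyOrg,dc=myorg,dc=com",
    "ldap_group_class_filter": "(objectClass=group)",
    "ldap_group_search_scope": "subtree",
    "ldap_group_uuid": "objectGUID",
    "ldap_group_name": "cn",
    "ldap_membership_attribute": "member",
}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP filter (RFC 4515): the characters
    * ( ) \\ and NUL become \\xx hex escapes, so the value cannot change the
    structure of the filter it is embedded in."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\0" else ch for ch in value)


def combine_filters(*parts: Optional[str]) -> str:
    """AND together the non-empty filter parts; a single part is returned as is."""
    kept = [p for p in parts if p]
    if not kept:
        raise ValueError("at least one filter part is required")
    return kept[0] if len(kept) == 1 else "(&" + "".join(kept) + ")"


def build_search(cfg: Dict[str, Any], kind: str) -> Dict[str, Any]:
    """Assemble base, scope, filter and attribute list for a 'user' or 'group'
    enumeration from the ldap_<kind>_* parameters, validating base DN and scope."""
    base = cfg.get(f"ldap_{kind}_search_base", "")
    if not DN_RE.match(base):
        raise ValueError(f"ldap_{kind}_search_base is not a DN: {base!r}")
    scope = cfg.get(f"ldap_{kind}_search_scope", "subtree")
    if scope not in SCOPES:
        raise ValueError(f"ldap_{kind}_search_scope must be one of {sorted(SCOPES)}")
    flt = combine_filters(cfg.get(f"ldap_{kind}_class_filter"))
    attr_keys = ("uuid", "name", "email", "phone", "modified")
    attrs = [cfg[f"ldap_{kind}_{a}"] for a in attr_keys if cfg.get(f"ldap_{kind}_{a}")]
    if kind == "group" and cfg.get("ldap_membership_attribute"):
        attrs.append(cfg["ldap_membership_attribute"])
    return {"base": base, "scope": scope, "filter": flt, "attributes": attrs}


def lookup_filter(cfg: Dict[str, Any], kind: str, name: str) -> str:
    """Filter for a single object by its configured name attribute. The supplied
    name is escaped, so a value such as 'x)(cn=*' matches only literally."""
    name_attr = cfg[f"ldap_{kind}_name"]
    return combine_filters(cfg.get(f"ldap_{kind}_class_filter"),
                           f"({name_attr}={escape_filter_value(name)})")


if __name__ == "__main__":
    for kind in ("user", "group"):
        print(kind, build_search(SAMPLE_CONFIG, kind))
    print(lookup_filter(SAMPLE_CONFIG, "user", "x)(cn=*"))
```

The enumeration search uses only the class filter; the deleted-object filters and control OIDs in the table describe a separate query for tombstoned objects and are deliberately not ANDed into it. A scope or search base that is not valid raises before any request is sent, which is where a misconfigured connector should fail rather than silently syncing nothing.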